ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
The Register of Known Spam Operations
Rove Digital

Evidence Menu:

Rove Digital Index

Country: Estonia
*** Most of the gang now in prison awaiting trial ***

Botnets, malware, spam, pharming, DDoS. Inhoster, Cernel, Esthost, Atrivo. What else needs to be said?

Also known as the "DNS Changer malware" gang.

Rove Digital SBL Listings History
Current SBL Listings
Archived SBL Listings

Main Info

An Estonian nexus of cyber crime including spam, malware and botnets. DNS Changer trojans (dnschanger.troj, Zlob), also known as "pharming", is one of their specialties. Associated with many other Eastern European cyber crime gangs such as Russian Business Network, Esthost, Inhoster, Cernel, Hostfresh of Hong Kong and UkrTeleGroup ( You may recognize those names from Atrivo/Intercage and McColo networks that went dark in late 2008 due to lack of trust from any peering networks. Don't be surprised to find them changing names again, that's all part of their MO.

Rove Digital made a small attempt to DDoS Spamhaus after they lost a connection via and

Some aliases of Rove Digital:

- "Carrier Net",, AS22945
- Esthost (
- Estdomains (
- Exact Solution, Inc (
- Front Communications, Inc (
- Infradata (
- Media Code, Inc (
- "Net Provider, Inc",, AS46764
- Operation Key (
- Proper Software, Inc (
- Tamme Arendus OY (
- Promnet Ltd.
- Otegra LTD.

They also use these aliases:

James Ajeet
Singh Ajeet
Paul Aspen

These projects are Rove too:

GATHI Advertising network (
Bakler Inc

and this perhaps?

Colosecure - chicago

Related URLs

  • 2009 prediction of there demise - 2 years too early! / (English translation)
  • Cybercrime's U.S. Home : Spamhaus news blog regarding Atrivo/Intercage, 2008-08-29
  • Another one bytes the dust : Spamhaus news blog regarding McColo, 2008-11-17
  • Tables of SBL listings related to Cernel, Inhoster, Hostfresh etc.
  • ROKSO: Russian Business Network
  • Rove Digital Gone (russian)
  • Definition: Pharming
  • Definition: DDoS

    Not quite sure who this research outfit is (they're welcome to introduce themselves to Spamhaus, we'd like to know them), but they have some interesting info on Rove here and here.

    Trend Micro writes about a cybercrime company in Tartu, Estonia, in their blog. They note that it changes names very frequently and allude to its former presence at Intercage and the loss of its registrar accreditation from ICANN. The blog introduces Trend's whitepaper, A Cybercrime Hub, about the company's crime operations.

  • The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
    The address of this ROKSO record is:

    The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

    For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
    © 1998-2016 The Spamhaus Project Ltd. All rights reserved.
    Legal  |  Privacy